<!-- Dusan Milic -->
<?php
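include("konekcija_sa_bazom.php");

// Handles the "add gift" form: optionally stores an uploaded picture in
// `slika`, inserts the gift into `poklon`, links it to a personality type in
// `odgovara`, then sends the browser to the new gift's profile page.
//
// NOTE(review): every query here is built by string interpolation on top of the
// legacy mysql_* extension (removed in PHP 7). The escaping below closes the
// injection paths visible in this script, but the durable fix is to move this
// file and konekcija_sa_bazom.php to mysqli/PDO prepared statements together.
//
// NOTE(review): idKorisnik is taken from the request body, so the client picks
// which user the gift is attributed to. It presumably should come from the
// authenticated session instead - confirm against the login code. No
// anti-CSRF token is checked here either.

$fajl = 'file';

// A missing or non-string (array) field is treated as an empty string so that
// the escaping calls below always receive a string.
$naziv = (isset($_POST["poklon"]) && is_string($_POST["poklon"])) ? $_POST["poklon"] : '';
$cena  = (isset($_POST["cena"]) && is_string($_POST["cena"])) ? $_POST["cena"] : '';
$tip   = (isset($_POST["Tip"]) && is_string($_POST["Tip"])) ? $_POST["Tip"] : '';
$id    = (isset($_POST["id"]) && is_string($_POST["id"])) ? $_POST["id"] : '';

// Every request value that reaches a SQL string is escaped. The original left
// $id unescaped although it is interpolated into the INSERT below.
// mysql_real_escape_string() replaces the deprecated mysql_escape_string(),
// which ignores the connection character set.
$naziv = mysql_real_escape_string($naziv);
$cena  = mysql_real_escape_string($cena);
$tip   = mysql_real_escape_string($tip);
$id    = mysql_real_escape_string($id);

// Picture id used when no usable upload is present (the original used 1 for
// the "no upload" case; presumably a default image row - confirm).
$id_slike = 1;

// Accept the file only if PHP reports a clean upload and the temporary path
// really is an uploaded file, so a forged tmp_name cannot point at another
// file on the server.
if (isset($_POST['submit'], $_FILES[$fajl])
    && $_FILES[$fajl]['error'] === UPLOAD_ERR_OK
    && $_FILES[$fajl]['size'] > 0
    && is_uploaded_file($_FILES[$fajl]['tmp_name'])
) {
    // NOTE(review): the bytes are stored as-is; nothing checks that they are
    // an image or caps their size beyond PHP's own upload limits. Whatever
    // serves the `slika` column should validate or fix the content type.
    $sadrzaj = file_get_contents($_FILES[$fajl]['tmp_name']);

    if ($sadrzaj !== false) {
        // Binary data goes through the same connection-aware escaping as text;
        // addslashes() is not a SQL escaping function.
        $sadrzaj = mysql_real_escape_string($sadrzaj);
        $upit = "INSERT INTO slika(slika) VALUES('$sadrzaj')";

        // Keep the fallback id when the insert fails instead of silently
        // storing the 0 that mysql_insert_id() would return.
        if (mysql_query($upit)) {
            $id_slike = (int) mysql_insert_id();
        }
    }
}

// Issued after the picture insert, as in the original, so the binary literal
// above is not sent under the utf8 client character set.
mysql_query("SET NAMES utf8");

$korisnik_query = "INSERT INTO poklon(naziv, cena, brojPluseva, brojMinusa, idSlika, idKorisnik) "
    . "VALUES('$naziv', '$cena', '0', '0', '$id_slike', '$id')";
mysql_query($korisnik_query) or die("Greska pri ubacivanju u korisnik");
$id_poklona = (int) mysql_insert_id();

// Look up the personality type by name and link the gift to it. When the type
// does not exist the link row is skipped rather than inserted with an empty id.
$query = "SELECT idTipLicnosti FROM tiplicnosti WHERE naziv ='$tip'";
$result = mysql_query($query);
$row = $result ? mysql_fetch_array($result) : false;

if ($row) {
    $id_tipa = mysql_real_escape_string($row[0]);
    $korisnik_query = "INSERT INTO odgovara(idTipLicnosti, idPoklon, koeficijent) "
        . "VALUES('$id_tipa', '$id_poklona', '11')";
    mysql_query($korisnik_query);
}

// A meta refresh is kept instead of header('Location: ...') because the HTML
// comment above the opening PHP tag is already sent as output. $id_poklona is
// an integer, so it is safe to place in the URL.
echo"<meta http-equiv='REFRESH' content='0;url=ProfilPoklona.php?id=$id_poklona'>";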
	
	


?>